[thelist] Cookies and Session state for Authentication

Rob Smith rob.smith at THERMON.com
Thu May 13 16:29:03 CDT 2004


<snip author="Mike">
What is the best combination of cookies, sessions or anything else for
browsers with high privacy settings, when trying to maintain state? 
</snip>

The solution should not be placed in the client's hands. It needs to be
controlled via the server. The client is unpredictable whereas the server
is.

For this reason, we use session variables and make sure that session.timeout
= -5000 (never expires). When logging out, there is a hidden page with two
elements: session.abandon and response.redirect("Home.asp")

To help with this, as Anthony has described, we kept passing the ID around
through the links. If for some odd reason we needed that session variable to
remain active indefinitely on a page, we'd store it into a local variable.

R.S.
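
The approach described in this message (state held on the server, an ID carried in links, the state destroyed at logout), sketched in Python as an added example that is not code from the post or the thread. The `sid` parameter name, the in-memory store and the function names are assumptions; `idle_timeout=None` mirrors the never-expiring setting mentioned above.

```python
import secrets
import time
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

SID_PARAM = "sid"   # hypothetical query-parameter name
_sessions = {}      # sid -> {"user", "seen"}; exists only on the server


def login(user):
    """Create server-side state and return an unguessable ID to carry in links."""
    sid = secrets.token_urlsafe(32)
    _sessions[sid] = {"user": user, "seen": time.monotonic()}
    return sid


def link(url, sid):
    """Rewrite a link so it carries the session ID, replacing any ID already there."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != SID_PARAM]
    query.append((SID_PARAM, sid))
    return urlunsplit(parts._replace(query=urlencode(query)))


def user_for(url, idle_timeout=None):
    """Resolve the ID in a requested URL to a user; None if unknown or expired.

    idle_timeout=None never expires a session; a number of seconds limits how
    long an ID copied out of a link (history, logs, Referer) stays usable.
    """
    sid = dict(parse_qsl(urlsplit(url).query)).get(SID_PARAM)
    entry = _sessions.get(sid)
    if entry is None:
        return None
    now = time.monotonic()
    if idle_timeout is not None and now - entry["seen"] > idle_timeout:
        _sessions.pop(sid, None)
        return None
    entry["seen"] = now
    return entry["user"]


def logout(sid):
    """Server-side equivalent of abandoning the session: the ID stops resolving."""
    _sessions.pop(sid, None)
```

Because the lookup table lives only on the server, a link saved before logout resolves to nothing afterwards, whatever the browser's privacy settings are.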

